<?
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006, 2007 Russell Peter Phillips

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

//Clear cookies and redirect to index.php
function ForceLogin ($sMsg = '') {
	//Cookies are reset here, but values will not be available until next page load. Note that Lynx (and others?)
	//do not seem to reset cookies when they are set to null value, so we set them to zero, then set them to null
	setcookie ('BA_PlayerID', 0);
	setcookie ('BA_PlayerID', NULL);
	setcookie ('BA_LoginTime', 0);
	setcookie ('BA_LoginTime', NULL);
	//Because cookie value will not be available until next page load, reset value of $PLAYER_ID
	$PLAYER_ID = 0;
	
	//Make up URL
	$sHost = $_SERVER['HTTP_HOST'];
	$sURI = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
	$sFile = 'index.php';
	if ($sMsg != '')
		$sFile .= '?warn=' . urlencode ($sMsg);
	header ("Location: http://$sHost$sURI/$sFile");
}

//Load config file, error reporting, encrypt/decrypt functions
require ('inc_config.php');
include ('inc_error.php');
include ('inc_crypt.php');

//Open link to database
$link = mysqli_connect (DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($link === False) {
	$sErr = "Could not connect to database.\n";
	$sErr .= "MySQL error number: " . (string) mysqli_errno ($link) . "\n";
	$sErr .= "MySQL error description: " . (string) mysqli_error ($link);
	LogError ($sErr);
}

if ((int) $_COOKIE ['BA_PlayerID'] > 0)
	$PLAYER_ID = (int) $_COOKIE ['BA_PlayerID'];
else
	//Player is not logged in. Set $PLAYER_ID to zero - need fixed value if player is not logged in
	$PLAYER_ID = 0;

//Check for cookie that shows that user is logged in. If user is not logged in, go to index.php
//Do not check if $sNoLoginCheck == 'TRUE' - this allows some pages to not require login, but defaults to login being required
if ($bLoginCheck !== False) {
	if ($_COOKIE ['BA_PlayerID'] == '' || $_COOKIE ['BA_PlayerID'] == 0) {
		//User is not logged in, and must be logged in to access this page.
		ForceLogin ('You must be logged in to access that page');
	}
	else {
		//Check player ID and login time against database sessions table
		$PLAYER_ID = (int) $_COOKIE ['BA_PlayerID'];
		$sLoginTime = $_COOKIE ['BA_LoginTime'];
		$sql = "SELECT ssPlayerID, ssLastAccess FROM sessions WHERE ssPlayerID = $PLAYER_ID AND ssLoginTime = '$sLoginTime'";
		$result = mysqli_query ($link, $sql);
		//$result will be False if SQL returned no rows
		if ($result !== False) {
			$row = mysqli_fetch_assoc ($result);
			//User is logged in. Check time difference since ssLastAccess
			$iNow = time ();
			$iDiff = $iNow - $row ['ssLastAccess'];
			//Get time difference in minutes
			$iDiff = (int) $iDiff / 60;
			if ($iDiff > LOGIN_TIMEOUT) {
				//User has been inactive for too long. Log out
				ForceLogin ('Your login has timed out. Please login again');
			}
			else {
				//Update ssLastAccess
				$sql = "UPDATE sessions SET ssLastAccess = $iNow WHERE ssPlayerID = $PLAYER_ID";
				mysqli_query ($link, $sql);
			}
		}
		else {
			//query returned no rows - user is not logged in
			ForceLogin ();
		}
	}
}
?>
